TPM-AND-SB-BYPASS-SPOOFER--main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TPM-AND-SB-BYPASS-SPOOFER--main.zip
Size

5.7MB
MD5

2382581ec4322800fc4c4c35d480952a
SHA1

f1ebf3359633d788cb1f1737aee060edea99824b
SHA256

300c913202f767f5a10132e170234decf64b4fdcdcf9753b8e5c52eddd493d4d
SHA512

f38e1f6f5903e17e70c2c633ad3c20cb48b7662f008836e33403b2b8023aed69c950e74183f6455f787db8e0a5f5d33a9eb39e7be444a18d383461f953098dc1
SSDEEP

98304:/sAgjk8Gsu7cS26fiDYsiHlHBTGDsqVFK4zqp046soOcWTmdHuWRirj:fgjrdu7qXD+hTwdFK4s04fc2mdHNRQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/Bypass.exe	themida

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/Bypass.exe
unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/afuefix64.efi
unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/amideefix64.efi
unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/efi/boot/BOOTX64.efi
unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/efi/boot/amideefix64.efi
unpack001/TPM-AND-SB-BYPASS-SPOOFER--main/spoof.exe

Files

TPM-AND-SB-BYPASS-SPOOFER--main.zip
.zip
TPM-AND-SB-BYPASS-SPOOFER--main/Bypass.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 200KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/Startup.nsh
TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/afuefix64.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/amideefix64.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 160B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/efi/boot/BOOTX64.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/efi/boot/amideefix64.efi
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CRT
Size: 160B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPM-AND-SB-BYPASS-SPOOFER--main/EFI_Spoofer/efi/boot/startup.nsh
TPM-AND-SB-BYPASS-SPOOFER--main/README.md
TPM-AND-SB-BYPASS-SPOOFER--main/spoof.exe
.exe windows:6 windows x64 arch:x64

b9e983240c9d4490452f0be542557c75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
VerifyVersionInfoW
CloseHandle
WaitForSingleObject
Sleep
GetExitCodeProcess
AllocConsole
GetCurrentProcessId
GetCurrentThread
OpenProcess
VirtualProtectEx
WriteProcessMemory
SetLastError
GetSystemInfo
GetCurrentProcess
VirtualAlloc
VirtualFree
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
SetFileInformationByHandle
GetModuleHandleA
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GlobalAlloc

user32

UpdateWindow
SetClipboardData
GetDesktopWindow
FindWindowA
OpenClipboard
GetWindowRect
CloseClipboard
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
BlockInput
PostQuitMessage
GetClipboardData
EmptyClipboard
DefWindowProcA
UnregisterClassA
RegisterClassExA
CreateWindowExA
IsChild
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
IsIconic
BringWindowToTop
SetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
SetWindowTextW
GetClientRect
AdjustWindowRectEx
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
PeekMessageA
ScreenToClient
WindowFromPoint
GetWindowLongW
SetWindowLongA
SetWindowLongW
LoadCursorA
MonitorFromWindow
GetMonitorInfoA
EnumDisplayMonitors
TranslateMessage
DispatchMessageA
PostMessageA

gdi32

GetDeviceCaps

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ntdll

NtRaiseHardError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAdjustPrivilege

vcruntime140

memcmp
__std_exception_copy
__std_exception_destroy
_CxxThrowException
wcsstr
__C_specific_handler
__current_exception
__current_exception_context
memchr
strstr
memset
memmove
__std_terminate
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fgetc
fgetpos
fputc
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
fsetpos
_set_fmode
_fseeki64
_pclose
_popen
setvbuf
fgets
ungetc

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

sqrtf
sinf
acosf
cosf
fmodf
__setusermatherr
ceilf

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_crt_atexit
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_beginthreadex
terminate
_cexit
_invalid_parameter_noinfo_noreturn
system

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 200KB - Virtual size: 392KB

Size: 2KB - Virtual size: 4KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 8KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.1MB - Virtual size: 3.1MB

Headers

File Characteristics

Sections

.text Size: 572KB - Virtual size: 572KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 19KB - Virtual size: 1.0MB

.pdata Size: 23KB - Virtual size: 22KB

.CRT Size: 512B - Virtual size: 176B

.reloc Size: 6KB - Virtual size: 5KB

Headers

File Characteristics

Sections

.text Size: 342KB - Virtual size: 342KB

.CRT Size: 160B - Virtual size: 136B

Size: 5KB - Virtual size: 5KB

.xdata Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

Headers

File Characteristics

Sections

.text Size: 421KB - Virtual size: 421KB

.data Size: 499KB - Virtual size: 499KB

Size: 10KB - Virtual size: 10KB

.xdata Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 342KB - Virtual size: 342KB

.CRT Size: 160B - Virtual size: 136B

Size: 5KB - Virtual size: 5KB

.xdata Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

b9e983240c9d4490452f0be542557c75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

d3d9

d3dx9_43

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 381KB - Virtual size: 380KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 202KB - Virtual size: 204KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 268KB - Virtual size: 268KB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 8KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.text
Size: 572KB - Virtual size: 572KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 19KB - Virtual size: 1.0MB

.pdata
Size: 23KB - Virtual size: 22KB

.CRT
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 342KB - Virtual size: 342KB

.CRT
Size: 160B - Virtual size: 136B

.xdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 421KB - Virtual size: 421KB

.data
Size: 499KB - Virtual size: 499KB

.xdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 342KB - Virtual size: 342KB

.CRT
Size: 160B - Virtual size: 136B

.xdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 381KB - Virtual size: 380KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 202KB - Virtual size: 204KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 268KB - Virtual size: 268KB

.reloc
Size: 512B - Virtual size: 380B